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1 . Claims 1-28 have been examined. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-28 have been considered but are 
moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 



3. Claims 1-2, 4, 8 and 11-12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Shrader et al. (U.S. Patent 6,374,359), and further in view of Rail 
(Patent Application Publication 2003/0110399), Serbinis et al. (U.S. Patent 6,314,425) 
and Garrison (U.S. Patent 6,275,939). 

For claim 1, Shrader et al. teach a method for authenticating a web session 
comprising: 

receiving a user ID (note column 5, lines 44-50); 

encrypting a message using an encryption key (note column 7, lines 21-23); and 
converting the encrypted message into an ASCII string (note column 7, lines 33- 

36). 
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Shrader et al. differ from the claimed invention in that they fail to specify: 
computing a message digest of the user ID. 

Rail teaches computing a message digest of the user ID (note paragraph [0036]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the device of Shrader et al. with the message digest of Rail to form 
a system that received a user ID and then created a message digest of the user ID. 
One of ordinary skill in the art at the time of the invention would have been motivated to 
combine Shrader et al. and Rail because the message digest would provide integrity 
(note paragraph [0031] of Rail). 

The combination of Shrader et al. and Rail differ from the claimed invention in 
that the fail to specify computing an expiration timestamp for the session and combining 
the message digest and expiration timestamp. 

Serbinis et al. teach computing an expiration timestamp for the session and 
combining the message digest and expiration timestamp (note column 21, lines 1-10). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of Shrader et al. and Rail with the expiration 
timestamp of Serbinis et al. to from a device which received a user ID, generated a 
message digest of the ID and computed an expiration timestamp for the session. One 
of ordinary skill in the art at the time of the invention would have been motivated to 
combine Shrader et al., Rail and Serbinis et al. because an expiration timestamp would 
limit the re-use of a stolen message digest. 
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The combination of Shrader et al., Rail and Serbinis et al. differ from the claimed 
invention in that they fail to specify: 
selecting an index number; 

accessing an encryption key using the index number; and 
encrypting the message using the accessed encryption key. 

Garrison teaches: 

selecting an index number (note column 6, lines 33-36); 
accessing an encryption key using the index number (note column 6, lines 33- 
36); and 

encrypting the message using the accessed encryption key (note column 5, lines 
61-65). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of Shrader et al., Rail and Serbinis et al. with the 
encryption key selection method of Garrison to form a device which performs the steps 
of the combination of Shrader et al., Rail and Serbinis et al. which selects an index 
number, selects an encryption key and uses the key to encrypt the combined message 
digest and expiration timestamp. One of ordinary skill in the art at the time of the 
invention would have been motivated to combine Shrader et al., Rail, Serbinis et al. and 
Garrison because using a different key for each session makes the same log in 
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information appear different for each session, making it more difficult to break the 
encryption scheme or perform a replay attack (note column 6, lines 15-22 of Garrison). 

For claim 2, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach a method of claim 1 , wherein the step of combining the message digest and 
expiration timestamp more specifically includes concatenating the message digest and 
expiration timestamp (note column 21 , lines 2-4 of Serbinis et aL). 

For claim 4, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach a method of claim 1, wherein the step of receiving the user ID more specifically 
comprises receiving the user ID through an HTML page (note column 5, lines 44-47 of 
Shrader et al.) that is communicated from a remote client browser (note paragraph 
[0021] of Rail). 

For claim 8, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach a method of claim 1 , wherein the step of accessing the encryption key more 
specifically comprises retrieving an encryption key from a storage segment containing a 
plurality of encryption keys (note column 6, lines 32-36 of Garrison), wherein the 
retrieved encryption key is obtained from a location or position within the storage 
segment based upon the index number (note column 6, lines 32-36 of Garrison). 
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For claim 1 1 , examiner takes Official Notice that the encrypted message is 
converted into an ASCII string using a "printf command ("printf is a common and easy 
to implement command which is part of several programming languages, including the 
C programming language). 

For claim 12, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach a method of claim 1 , wherein the step of converting the encrypted message into 
an ASCII string more specifically includes converting the encrypted message into a 
hexadecimal value (note column 6, lines 43-47 and FIG. 7 of Shrader et aL). 

4. Claims 17-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Shrader et al. (U.S. Patent 6,374,359), and further in view of Rail (Patent Application 
Publication 2003/0110399), Serbinis et al. (U.S. Patent 6,314,425) and Garrison (U.S. 
Patent 6,275,939). 

For claim 17, Shrader et al. teach a system for authenticating a web session 
comprising: 

Logic configured to receive a user ID (note column 5, lines 44-50); 
Logic configured to encrypt a message using an encryption key (note column 7, 
lines 21-23); and 

Logic configured to convert the encrypted message into an ASCII string (note 
column 7, lines 33-36). 
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Shrader et al. differ from the claimed invention in that they fail to specify: 
logic configured to compute a message digest of the user ID. 
Rail teaches logic configured to compute a message digest of the user ID (note 
paragraph [0036]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the device of Shrader et al. with the message digest of Rail to form 
a system that received a user ID and then created a message digest of the user ID. 
One of ordinary skill in the art at the time of the invention would have been motivated to 
combine Shrader et al. and Rail because the message digest would provide integrity 
(note paragraph [0031] of Rail). 

The combination of Shrader et al. and Rail differ from the claimed invention in 
that the fail to specify logic configured to compute an expiration timestamp for the 
session and logic configured to combine the message digest and expiration timestamp. 

Serbinis et al. teach logic configured to compute an expiration timestamp for the 
session and logic configured to combine the message digest and expiration timestamp 
(note column 21, lines 1-10). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of Shrader et al. and Rail with the expiration 
timestamp of Serbinis et al. to from a device which received a user ID, generated a 
message digest of the ID and computed an expiration timestamp for the session. One 
of ordinary skill in the art at the time of the invention would have been motivated to 
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combine Shrader et al., Rail and Serbinis et al. because an expiration timestamp would 
limit the re-use of a stolen message digest. 

The combination of Shrader et al., Rail and Serbinis et al. differ from the claimed 
invention in that they fail to specify: 

Logic configured to select an index number; 

Logic configured to access an encryption key using the index number; and 
Logic configured to encrypt the message using the accessed encryption key. 

Garrison teaches: 

Logic configured to select an index number (note column 6, lines 33-36); 

Logic configured to access an encryption key using the index number (note 
column 6, lines 33-36); and 

Logic configured to encrypt the message using the accessed encryption key 
(note column 5, lines 61-65). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of Shrader et al., Rail and Serbinis et al. with the 
encryption key selection method of Garrison to form a device which performs the steps 
of the combination of Shrader et al., Rail and Serbinis et al. which selects an index 
number, selects an encryption key and uses the key to encrypt the combined message 
digest and expiration timestamp. One of ordinary skill in the art at the time of the 
invention would have been motivated to combine Shrader et al., Rail, Serbinis et al. and 
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Garrison because using a different key for each session makes the same log in 
information appear different for each session, making it more difficult to break the 
encryption scheme or perform a replay attack (note column 6, lines 15-22 of Garrison). 



For claim 18, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach the system of claim 17, further including a system to generate an expiration 
timestamp (note column 21, lines 1-10 of Serbinis et al.). 

For claim 19, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach the system of claims 17, further including logic configured to communicate the 
ASCII string to a remote computer (note column 7, lines 33-36 of Shrader et al.). 

For claim 20, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach the system of claim 17, further including a local memory for storing the plurality of 
encryption keys (note column 6, lines 32-36 of Garrison). 

5. Claim 21 and 23-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shrader et al. (U.S. Patent 6,374,359), and further in view of Rail (Patent 
Application Publication 2003/0110399) and Garrison (U.S. Patent 6,275,939). 

For claim 21, Shrader et al. teach a method for authenticating a transaction 
comprising: 
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encrypting a message using an encryption key (note column 7, lines 21-23); and 
converting the encrypted message into an ASCII string (note column 7, lines 33- 

36). 

Shrader et al. differ from the claimed invention in that they fail to specify: 
computing a message digest of a user ID. 

Rail teaches computing a message digest of a user ID (note paragraph [0036]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the device of Shrader et al. with the message digest of Rail to form 
a system that creates a message digest of the user ID. One of ordinary skill in the art at 
the time of the invention would have been motivated to combine Shrader et al. and Rail 
because the message digest would provide integrity (note paragraph [0031] of Rail). 

The combination of Shrader et al. and Rail differ from the claimed invention in 
that they fail to specify: 

selecting an index number; 

selecting an encryption key from a plurality of encryption keys using the index 
number; and 

encrypting the message using the accessed encryption key. 
Garrison teaches: 

selecting an index number (note column 6, lines 33-36); 
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selecting an encryption key from a plurality of encryption keys using the index 
number (note column 6, lines 33-36); and 

encrypting the message using the accessed encryption key (note column 5, lines 
61-65). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of Shrader et al. and Rail with the encryption key 
selection method of Garrison to form a device which performs the steps of the 
combination of Shrader et al. and Rail which selects an index number, selects an 
encryption key and uses the key to encrypt the message digest. One of ordinary skill in 
the art at the time of the invention would have been motivated to combine Shrader et 
al., Rail and Garrison because using a different key for each session makes the same 
log in information appear different for each session, making it more difficult to break the 
encryption scheme or perform a replay attack (note column 6, lines 15-22 of Garrison). 

For claim 23, the combination of Shrader et al., Rail and Garrison teach a 
method of claim 21 , wherein the step of selecting the encryption key more specifically 
includes retrieving the encryption key from a local memory based on the index number 
(note column 6, lines 32-36 of Garrison). 

For claim 24, the combination of Shrader et al., Rail and Garrison teach a 
method of claim 21 , further includes the step of communicating the ASCII string to a 
remote computer (note column 7, lines 33-36 of Shrader et al.). 
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6. Claim 22 is rejected under 35 U.S.C. 103(a) as being unpatentable over the 
combination of Shrader et al., Rail and Garrison as applied to claim 21 above, and 
further in view of Serbinis et al. 

For claim 22, the combination of Shrader et al., Rail and Garrison differ from the 
claimed invention in that the fail to specify concatenating the message digest with an 
expiration timestamp, wherein the step of encrypting the message more specifically 
includes encrypting the concatenated message using the accessed encryption key. 

Serbinis et al. teach concatenating the message digest with an expiration 
timestamp, wherein the step of encrypting the message more specifically includes 
encrypting the concatenated message using the accessed encryption key (note column 
21, lines 1-10). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of Shrader et al., Rail and Garrison with the 
expiration timestamp of Serbinis et al. to from a device which generated a message 
digest of the ID, computed an expiration timestamp for the session, concatenated the 
tow and encrypted them with a selected key. One of ordinary skill in the art at the time 
of the invention would have been motivated to combine Shrader et al., Rail, Garrison 
and Serbinis et al. because an expiration timestamp would limit the re-use of a stolen 
message digest. 
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7. Claims 3, 14 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shrader et al., Rail, Serbinis et al. and Garrison as applied to claim 1 above, and 
further in view of Berners-Lee et al. and Verio. 

For claim 3, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
teach a method of claim 1 , further comprising passing the ASCII string to a remote 
computer using FTP (note paragraph [0021] of Rail) within an HTML page (note 
paragraph [0024]) of Rail). 

The combination of Shrader et al., Rail, Serbinis et al. and Garrison differ from 
the claimed invention in that they fail to specify the ASCII string is passed in an FTP 
URL being of the form ftp://ID:ASCII@hostname, wherein ID is the user ID and ASCII is 
the ASCII string. 

Berners-Lee et al. teach "URL schemes that involve the direct use of an IP-based 
protocol to a specified host on the Internet use a common syntax for the scheme- 
specific data: //<user>:<password>@<host>:<port>/<url-path>" They go on to specify 
that <user> and <password> as "user: An optional user name. Some schemes (e.g., 
ftp) allow the specification of a user name. Password: An optional password. If present, 
it follows the user name separated from it by a colon." (note section 3.1 on page 5) 

The Verio glossary defines password as "A series of characters that enables 
someone to access a file, computer or program." This definition would make the ASCII 
value a password because it is a series of characters that are enabling a user to access 
files on an FTP server. 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of combination of Shrader et al., Rail, Serbinis et 
al. and Garrison with passing the ASCII value in an FTP URL of Berners-Lee et al. One 
of ordinary skill in the art at the time of the invention would have been motivated to 
combine Shrader et al, Rail, Serbinis et al., Garrison and Berners-Lee et al. because it 
would provide a convenient way for a user to pass their user ID and password to a FTP 
server. 

For claim 14, the combination of Shrader et al., Rail, Serbinis et al., Garrison and 
Berners-Lee et al. teach a method of claim 3, further including the step of passing the 
index number to the remote computer (note column 6, lines 32-36 of Garrison). 

For claim 15, the combination of Shrader et al., Rail, Serbinis et al., Garrison and 
Berners-Lee et al. teach a method of claim 14, wherein the step of passing the index 
number to the remote computer more specifically comprises passing the index number 
to the remote computer separate from the ASCII string (note column 6, lines 32-36 of 
Garrison). 

8. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Shrader 
et al., Rail, Serbinis et al. and Garrison as applied to claim 1 above, and further in view 
of Jenkins. 
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For claim 5, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
differ from claimed invention in that they fail to specify the message digest of the user ID 
more specifically comprises computing a four-byte binary value. 

Jenkins teaches a hashing function that "Returns a 32-bit value." (note first 
paragraph of page 2) Note that a four bytes value is equal to 32 bits. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
that used the four byte hashing function of Jenkins to create the user ID message 
digest. One of ordinary skill in the art at the time of the invention would have been 
motivated to combine Shrader et al, Rail, Serbinis et al, Garrison and Jenkins because 
Jenkins teaches his hash function is "faster and more thorough than the one you are 
using now." (note Abstract of Jenkins) 

9. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Shrader 
et al., Rail, Serbinis et al. and Garrison as applied to claim 1 above, and further in view 
of Krishnaswamy et al (U.S. Patent 6,909,708). 

For claim 6, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
differ from claimed invention in that they fail to specify the expiration timestamp is 
computed in Epoch format. 

Krishnaswamy et al. teach a communication method that "records timepoints in 
the epoch time format." (note column 265, lines 37-46) 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
that computed the timestamp in Epoch format of Krishnaswamy et al. One of ordinary 
skill in the art at the time of the invention would have been motivated to combine 
Shrader et al., Rail, Serbinis et al. t Garrison and Krishnaswamy et al. because it would 
solve the problems associated with converting to and from daylight savings time (note 
column 265, lines 37-46 of Krishnaswamy et al.). 

10. Claims 7, 10 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shrader et al., Rail, Serbinis et al. and Garrison as applied to claim 1 above, and 
further in view of Tan (U.S. Patent 6,490,353). 

For claim 7, the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
differs from the claimed invention in that they fail to specify the index number used to 
access the encryption key is randomly generated. 

Tan teaches a key management scheme where "it may select these [key start 
points and lengths] by randomly selecting table entry numbers." 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
with the randomly selected index numbers of Tan. One of ordinary skill in the art at the 
time of the invention would have motivated to combined Shrader et al., Rail, Serbinis et 
al., Garrison and Tan because an unpredictable sequence of encryption keys would 
decrease the likelihood of breaking the encryption method. 
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For claim 10, the combination of Shrader et aL, Rail, Serbinis et al. and Garrison 
differs from the claimed invention in that they fail to specify the step of concatenating 
the index number to the encrypted message. 

Tan teaches a key management scheme where "the seed (randomly generated 
index number) may be communicated as part of the message transmission." 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail, Serbinis et al. and Garrison 
which included the index number in the message transmission as taught by Tan. One 
of ordinary skill in the art at the time of the invention would have been motivated to 
combine Shrader et al, Rail, Serbinis et al., Garrison and Tan because it provide a 
convenient way of storing the index number so the server would not have to locally 
store which cookie is encrypted with which key. 

For claim 13, examiner takes Official Notice that the encrypted message and the 
index number are converted into an ASCII string using a "printf command ("printf is a 
common and easy to implement command which is part of several programming 
languages, including the C programming language). 

11. Claim 9 is rejected under 35 U.S.C. 1 03(a) as being unpatentable over Shrader 
et al., Rail, Serbinis et al. and Garrison as applied to claim 1 above, and further in view 
of Jenkins and Krishnaswamy et al. 
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The combination of Shrader et al., Rail, Serbinis et al. and Garrison differs from 
the claimed invention in that they fail to specify the encrypted combined message digest 
and timestamp are an eight-byte binary value. 

Jenkins teaches a hashing function that "Returns a 32-bit value." Note that a four 
bytes value is equal to 32 bits. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail, Serbinis et al. and Garrison, 
that used the four byte hashing function of Jenkins to create the user ID message digest 
because Rail teaches to use "a suitable hashing function" (note paragraph [0027] of 
Rail) and Jenkins teaches his hash function is "faster and more thorough than the one 
you are using now." (note Abstract of Jenkins) 

The combination of Shrader et al., Rail, Serbinis et al., Garrison and Jenkins 
differs from the claimed invention in that they fail to specify the encrypted combined 
message digest and timestamp are an eight-byte binary value. 

Krishnaswamy et al. teach an epoch timestamp that is stored in 16 bits, (note 
column 383, Word 5 of Krishnaswamy et al.) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail, Serbinis et al., Garrison and 
Jenkins that computed the timestamp in Epoch format of Krishnaswamy et al. One of 
ordinary skill in the art at the time of the invention would have been motivated to 
combine Shrader et al., Rail, Serbinis et al., Garrison and Krishnaswamy et al. because 



Application/Control Number: 10/085,895 Page 19 

Art Unit: 2137 

it would solve the problems associated with converting to and from daylight savings time 
(note column 265, lines 37-46 of Krishnaswamy et al.). 

Note using the DES encryption algorithm (note column 5, 61-65 of Garrison) 
would result in an eight byte binary value. Note, because of the block encryption 
properties of DES, an input of 48 bits (32 bit hash plus 16 bit timestamp) would result in 
a one-block output of 64 bits or eight bytes. 

12. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over Shrader 
et al., Rail and Garrison as applied to claim 21 above, and further in view of Swartz et al 
(U.S. Patent 6,095,418). 

For claim 25, the combination of Shrader et al., Rail and Garrison differs from the 
claimed invention in that it fails to specify including the step of communicating the ASCII 
string to a person through voice communication. 

Swartz et al. teach communicating the ASCII string to a person through voice 
communication (note column 4, lines 39-44). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the combination of Shrader et al., Rail and Garrison with the 
spoken ASCII of Swartz et al. to form a device which converted the message digest to 
ASCII and then read the string aloud to someone. One of ordinary skill in the art at the 
time of the invention would have been motivated to combine Shrader et al, Rail, 
Garrison and Swartz et al. because it provide a convenient way to give the user their 
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authenticated message digest when they do not have access to a computer or an 
Internet connection. 

13. Claims 26-28 rejected under 35 U.S.C. 103(a) as being unpatentable over 
Shrader et al., Rail and Garrison as applied to claim 21 above, and further in view of 
Stern (U.S. Patent 6,110,044). 

For claims 26-28, the combination of Shrader et al., Rail and Garrison differs 
from the claimed invention in that they fail to specify the ASCII string is printed onto a 
ticket selected from the group consisting of an airline ticket, a concert ticket, an 
employee ID card, and an event ticket and further specifying the ASCII string be printed 
on the ticket in a form that it may be later electronically scanned for verification. 

Stern teaches a ticket printing and verification method which "contains a barcode 
printer (or other means for embodying a machine-readable indicium in a payout ticket), 
which prints both alphanumeric and barcode information on a payout ticket, including a 
validation number." (note column 3, lines 8-12) Note that in this case, a payout ticket 
would be an event ticket because successful verification of the ticket results in a payout 
event. Stern also teaches, "Selection circuitry 105 may also contain circuitry for 
encrypting all or part of the barcoded data imprinted on the payout ticket." (note column 
4, lines 49-51) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail and Garrison, which printed the 
ASCII string on an event ticket with a bar code of Stern. One or ordinary skill in the art 
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at the time of the invention would have been motivated to combine Shrader et al., Rail, 
Garrison and Stern because it would provide a convenient and secure way to produce 
and verify the authenticity of a monetary winnings event ticket, which would be ideal for 
casino or other gaming companies. 

14. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Shrader 
et al M Rail, Serbinis et al., Garrison and Berners-Lee et al. as applied to claim 14 above, 
and further in view of Tan. 

For claim 16, the combination of Shrader et al., Rail, Serbinis et al., Garrison and 
Berners-Lee et al. differs from the claimed invention in that they fail to specify 
converting the encrypted message into an ASCII string more specifically comprises 
converting a combination of the encrypted message and the index number into an 
ASCII string, wherein the index number is communicated to the remote computer as a 
part of the ASCII string. 

Tan teaches a key management scheme where "the seed (randomly generated 
index number) may be communicated as part of the message transmission." 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to form the combination of Shrader et al., Rail, Serbinis et al., Garrison and 
Berners-Lee et al. which includes the index number in the message transmission of 
Tan. One or ordinary skill in the art at the time of the invention would have been 
motivated to combine Shrader et al., Rail, Serbinis et al, Garrison, Berners-Lee et al. 
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and Tan because it would provide a convenient way of storing the index number so the 
server would not have to locally store which cookie is encrypted with which key. 



1 5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David J. Pearson whose telephone number is (571) 272- 
071 1 . The examiner can normally be reached on Monday - Friday, 8:00am - 4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Conclusion 
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